<?php

namespace app\common;


/**
 * sign 验证类
 */
class HttpSignAuth extends \yii\base\Behavior
{


    public $privateKey = '12345678';

    public $signParam = 'sign';

    public function events()
    {

        return [Controller::EVENT_BEFORE_ACTION => 'beforeAction'];

    }

    public function beforeAction($event)
    {
        //获取 sign
        $sign = Yii::$app->request->get($this->signParam, null);
        $getParams = Yii::$app->request->get();
        $postParams = Yii::$app->request->post();
        $params = array_merge($getParams, $postParams);
        if(empty($sign) || !$this->checkSign($sign, $params))
        {
            $error = ErrorCode::getError('auth_error');
            throw new ApiException($error['status'], $error['msg'], $error['code']);
        }
        return true;
    }

    private function checkSign($sign, $params)
    {
        unset($params[$this->signParam]);
        ksort($params);
        return md5($this->privateKey . implode(',', $params)) === $sign;

    }


}